
Archives for: April 2013

There were 18 posts published in April 2013.

5 Ways to Drive Engagement to Your App by Appboy

It used to be easy to launch a mobile app. You built something quickly, submitted it to the App Store and then waited for downloads to come pouring in. As the ecosystem became competitive, things got more difficult: you had to worry about discoverability, managing customer reviews and paying for new users. Getting featured by Apple seemed like a long shot. Today, it’s extremely difficult just to get your app off the ground, and there’s a pervasive assumption that success comes with a large marketing budget.


While the ecosystem continues to be challenging, there’s a big opportunity that’s still under the radar: managing customer relationships.


For web-based companies, CRM is not a new concept, and it’s widely accepted as an important part of a broader marketing strategy. The idea behind CRM is that customer value can be increased through meaningful interactions, provided they’re done in a systematic and personalized way. Take Amazon’s recommended products, Zappos’ legendary customer support or Fab’s gifting and discounts. These are not short-lived marketing tactics, but rather carefully devised, strategic assets that drive the lifetime value of customers and increase a company’s ROI.

For mobile apps, this same idea is taking shape as MRM, or mobile relationship management. While still in its infancy, it’s one of the few clear solutions for driving the long-term business value of an app business. That’s because it solves the painful problem of abysmally low retention rates in the ecosystem: about 46% of people stop using an app after one month, and 65% after three months (Flurry 2012). A large percentage of these people do not leave because they’re disinterested in the app. Rather, the structural challenges of the ecosystem and numerous other distractions on mobile phones make it hard for them to access and use the app on a regular basis.

The result? Customer relationships in mobile apps end soon after they begin, and app developers are trapped in a vicious cycle of paying for users who bring them little value.


To solve this problem, app developers should shift a portion of their resources from new user acquisition to maximizing the value of their existing customers. It’s a fairly straightforward decision with little technical risk, given the absence of legacy MRM platforms. Moreover, activating MRM can influence key metrics almost immediately, and many of its tasks can be automated to save valuable marketing resources.


A slightly bigger task is defining an MRM plan, or customer engagement strategy. At Appboy, we use a five-step framework designed to uncover the most valuable opportunities when managing customer relationships in mobile apps. We use it for all new client onboarding, and the output it generates becomes the foundation of engagement thinking for their teams. Here are the steps:

1. Define your value proposition. Think about what your app does, its most important features and key benefits to your customers. It will help to articulate why customers should use your app in the presence of many other options. For certain apps, you’ll have to dig deep as the proposition isn’t always clear. For example, much of Instagram’s success lies in its beauty and simplicity - emotional benefits that trump its otherwise generic photo-taking function.

2. Establish your business goals. Do you want people to spend more time in your app, browsing content, creating content or simply being exposed to your brand? Or do you want them to spend more money in the app, by buying virtual goods or signing up for a subscription? Each option is just as valid as the other, depending on the app’s business model. What’s important to note, however, is that money spent in-app is highly dependent on time spent in-app. This is especially true for the gaming category, where the optimal time to convert a customer is after they’ve reached a certain level of gameplay.

3. Identify key actions. There are certain steps that all app users take which are naturally suited for relationship building. For example, everyone begins their app experience by going through an onboarding process and getting to know the app’s interface on the home screen. They then familiarize themselves with the app’s core features and functions over the course of several interactions. Once they’ve used an app enough times to build repetition, they may be ready to make a purchase or share it with their friends. At certain steps of the process, there’s also an increased risk of abandonment. Thinking about the broader customer journey helps to identify key actions that trigger either positive or negative behaviors, and to influence them accordingly.


4. Create custom segments. People are different. They use apps in different ways and each has different expectations of the experience. Rather than trying to mold them into a single use case, the best way to serve their needs is by grouping their behaviors into distinct segments. For example, have they successfully completed onboarding? Are they engaged users or social influencers? Have they made an in-app purchase? Have they added their friends or imported their address book contacts? Which version of the app are they using? Creating 10-15 of these segments and speaking to them in a personal way can greatly increase the effectiveness of your message.


5. Engage via multiple channels. Many app developers forget that they have several options for engaging their customers. For example, they can message them via push notifications, in-app messages or email. They can use customer support to address issues and win back at-risk customers. They can also monitor customer sentiment across social networks. While each of these channels is best for a particular function (e.g., push notifications are very effective for re-engaging lapsed users), none of them alone should be the basis of an entire customer engagement strategy. When creating your MRM plan, consider how each one can build the value of your business.


Going through these steps forces you to think about your customers in a more human way. It puts an emphasis on building real relationships, rather than treating everyone as the same person. Knowing when and how to connect with people is an undervalued skill in the app business, as ultimately they’re the ones driving the value of your business.


With MRM still in its early stages and app developers so focused on user acquisition, it’s easy to miss this opportunity to leap ahead of your competition. However, it’s only a matter of time before the broader market catches up. So, what are you waiting for? Create your plan of action for managing mobile relationships post-app install, and use it to build a competitive advantage - whether it’s through higher revenue per user or lower cost per acquisition. A small time investment now will bring results in the present and the future.


Cezary Pietrzak is the Director of Marketing at Appboy, a customer engagement platform for mobile apps. He oversees the company’s growth as well as its thought leadership in mobile. Appboy is Cezary’s second startup. In 2009, he co-founded Wanderfly, a venture-backed travel discovery site that was acquired by TripAdvisor. He also started a digital marketing consultancy and led marketing at tech incubator QLabs. Cezary’s career began at Young & Rubicam, where he developed brand strategies for companies like LG, Bacardi, NHL and Campbell’s. A graduate of the Wharton School, Cezary is active in the New York tech community and writes a marketing blog at His first mobile phone was a Nokia 3310.


Why Are We Driving With Strangers?

You’ve heard it before, the Internet is a great, wondrous invention - and that was from your 87 year old grandpa who just learned about YouTube. More importantly, it gives us the perfect platform to operate more efficiently  . . .  thus, the birth of peer-to-peer startups. It seems these days you can’t go anywhere without Airbnb being brought up, “It’s Airbnb for cat litter” or “It’s the Airbnb of birthday party clowns.”


Yes, I’m all for markets operating more efficiently. I love the idea that startups are able to make revenue generating models out of boats that sit skipperless or cars that sit driverless at airports (my fellow Brandery classmates), but this leads us to the enormous issue that we’re letting strangers into our personal lives and handing over the keys to our most prized possessions – literally (we’re all familiar with the trashed houses on Airbnb). Many of these sharing sites do watch out for the best interest of their consumers, but remember that many are startups, with limited resources, a short track record, and a long list of other tasks to do - like grow as fast as possible without going belly-up. Today’s consumers must be cognizant of who they’re letting into their lives and today’s startups should continue to work hard to provide their customers with true transparency of who they’re connecting.


Many startups these days are exploring ways to add safety and security to their platforms, but most of them don’t include the customer. For instance, they may have a wide set of parameters for allowing an individual on their house rental site, such as a person with two breaking and enterings because his Facebook account checked out, OR they may keep out a guy with a speeding ticket for going 60 in a 45 (he was taking his pregnant wife to the hospital), but as the person who’s renting out your house or trying to catch a lift, you should be part of the decision making process. After all, you are one side of the “peer” transaction.


Startups should consider:

  • What is the friction they’re creating when they institute identity confirmation and background check methods? Sites must really think about how they are going to implement these checks, how fast the turnaround is, and how many users will opt-out, while considering the issues that our nation’s background check system has, which many sites don’t even address, including false positives and lack of context.
  • Who bears the burden for the costs of these checks? Sure, the platform makes a dollar or whatever for every car share, but how often do they want to pay for this check to be updated and who internally is getting paid to comb through these applicants?
  • What are the cutoff points for allowing access to your platform (i.e., who makes it and who doesn’t)? It’s truly a tough call to draw the line, and you’re in essence making a decision for your customers, who may or may not have agreed with your line.
  • How much transparency can you afford to provide? If you’ve got thousands of individuals signing up for your site, and each of them want to know or share more information about themselves to increase their ability to share their services or goods, how can you manage that?


Some big questions that peer-to-peer consumers should consider are:

  • When was the information updated? Sure, the driver you’re about to get into a car with passed the platform’s background check, but when is that information from and what jurisdictions were covered?
  • Was their ID verified?  As much weight as you may give to a background check being run on an individual, the only information you need is a name and a matching address, so if that information isn’t actually tied to a specific individual, that background check may be for some little old lady from Pasadena.
  • Which Joe Smith is it? As part of the unofficial due-diligence that many of us go through before using a sharing site, we try to find the other party’s Twitter account and Facebook page, but what happens when their name is one of the world’s most common names or their avatar is of a dog? Being able to find a verified account of each other goes a long way in providing transparency.


These questions and issues are why we built REPP, an online identity platform that allows individuals to verify their own identity and social media channels, and if so desired, run and curate their own background check.  Our thought is that true transparency comes when the party with the knowledge and information has a part in the transaction.  As a third-party, REPP serves as custodian of these profiles, allowing both individuals and peer-to-peer platforms to begin to tackle the “Who’s borrowing my car?” question in a quicker, efficient, and cost-effective manner.


The sharing economy will revolutionize many more industries in the coming years, but it must provide more control and transparency between each party; without accurate information it makes it very difficult to open up one’s home, office, car, or life for someone they met on the internet.




Facebook for India is a Waste of Time by 500Startups’ Pankaj Jain

In a country of almost 1.3 billion people, mid-20th century infrastructure, rampant corruption, over 400 million people below the international poverty line, roughly another 400 million people that are considered middle class and one of the youngest populations on the planet - building the next Facebook is not exciting.

What is exciting? Solving problems for over 800 million people who don’t have access to smartphones, tablets or computers. The real opportunity in India for smart, savvy entrepreneurs is to solve the problems plaguing them on a daily basis. And, there really is no shortage of problems, big or small.


For example, an SMS-based service that brings “mandi” (market) prices directly to a farmer and allows the farmer to know exactly how much his produce will get him at a market in Mumbai, Delhi, Indore, Kolkata, etc. In 2009, Thomson Reuters made over a million dollars a year by providing this service to farmers in only three states in India. In many cases, information about current market prices has helped farmers better negotiate fair prices with middlemen, sometimes tripling the amount of money the farmer receives.


Ever hear of “star dialing”? Chances are that if you live in the US, you haven’t. In India, on my mobile phone, I can dial *123# and my current balance will pop up on an iPhone just as easily as a Nokia 1100 feature phone. The best part is that “star dialing” doesn’t cost the caller anything - and no call ever gets terminated. Well, can you imagine building a banking solution on top of this for people who don’t have access to a bank? Eko Financial, based in New Delhi, has done exactly that. The millions of people who don’t have access to a bank, or who need to send money back home to their family in a small village, can now do so quickly and easily by going to a local bodega (we call them “kirana” stores in India) and giving cash to the store owner. The store owner simply enters a sequence of numbers to authenticate the service and transmits the cash to the destination account. All of this is done in minutes and payments can be tiny or relatively large.


Imagine you live in a rural area with no terrestrial Internet connection, no 3G, no 2G, nothing. You have a mobile phone to communicate with the world via voice and SMS. Now, imagine you could search the web simply by sending an SMS to 55444. Now, you can find the Rotten Tomatoes ratings for a movie playing over the air or you can join IRC style chat rooms simply by using SMS. Innoz lets you do all of these things and a whole lot more. It’s bringing the power of the Web and applications to people who would never have had access to them. The reality is people living in remote, rural parts of India can now connect with people in cities over IRC style chat rooms, find out the seven day forecast, and even get the best price for a TV from eBay simply by sending a text message.


These are just a few examples of mobile applications that people have built in India over SMS. Add in smartphone apps that alert civic authorities to sewage problems, garbage piled up on the side of the road, illegal construction, unsafe working conditions, etc. and you have a tech savvy urban population that can use technology to improve their quality of life. The opportunity in India isn’t in building another social network or e-commerce site that sells printed kurtis online. The poor across India are hard-pressed to get access to basic resources. The middle class is very aspirational and though price sensitive, the household savings rate, as a percentage of GDP, fell to 7.8% - the lowest in 20 years, according to a report in Times of India. This means middle class Indians are spending and it’s been increasing.


Today, it’s possible to get a basic smartphone in India for INR 4,500 or less than USD 85. The Aakash tablet was an ambitious project to produce a basic Internet device that can be used anywhere a mobile phone can at USD 50 (subsidized to USD 35). A good deal of controversy surrounded the Aakash tablet. However, the push from the Indian government as well as manufacturers towards more affordable smartphones and tablets will help to create massive opportunities for entrepreneurs. These savvy entrepreneurs will be able to provide solutions to everyday problems including education, entertainment, sports, content, and other utilities all while serving hundreds of millions of people who are accessing technology for the first time.

500 Startups provides early-stage companies with up to $250K in funding, access to the startup accelerator program, and unique events like SmashSummitUnSexy, and GeeksOnaPlane. With hundreds of experienced startup mentors around the world, a creative work space in the heart of Silicon Valley, and a vibrant community of startup founders, 500Startups help companies succeed in ways other venture firms do not.

Pankaj Jain of 500Startups “regularly kicks ass” & takes names of Desi founders to help build a vibrant startup ecosystem in India. When he isn’t busting the chops of noob startups or predatory angel investors, or firing up Startup Weekend in Bangalore or Mumbai, you will find him devouring unsuspecting vegetables at Delhi’s best vegetarian sushi joint.


The Good and Bad of Startup Chile

It’s hard to imagine a more unambiguously sweet deal for entrepreneurs than Startup Chile. They get $40,000 of basically free money. They get to live in beautiful, modern, safe, and prosperous Santiago, Chile, for up to a year. And they get a community of like-minded international entrepreneurial types to talk with while they build their companies. Aside from the hassle of moving to Chile (which is a really long way from just about anywhere), there’s no apparent down side.


Startup Chile, therefore, has attracted quite a bit of attention since its start in 2010. Applicants for the most recent class came from more than 60 countries and the program received 14 applications for every available spot. And those accepted to the program represent a fairly wide swath of industries, albeit with a heavy emphasis on Silicon Valley-esque business models.


Chile is one of the few governments in the region that could reasonably be expected to sponsor such a program. The country has little to no debt, and the lowest unemployment rate in 40 years. Chile can (for now, anyway) afford to take the long view, which is in line with the stated goal of the program: to instill entrepreneurial spirit in Chileans.


The key problem is that it’s simply not possible to create “the next Silicon Valley” using legislative fiat and gobs of cash. That’s a truism, but politicians worldwide never seem to learn. If you don’t believe me, look at this ridiculous list of place names intended to evoke Silicon Valley. Then name one world-class company that came out of any of them.


While most participants agree that the administrators of Startup Chile are a group of well-intentioned people, they are not entrepreneurs. They are government employees. Past participants have complained of bureaucracy and delays related to reimbursement of expenses (the $40K is not an up-front grant — expenses must be approved). And while mentorship and networking opportunities have reportedly expanded since its inception, most of those associated with the Startup Chile network are from the government or academia, not the ranks of successful entrepreneurs.


Moreover, Chile is a small market, and there is very little in the way of venture capital to be had. Few Startup Chile participants have received VC funding. One company, Entrustet, was acquired. Graduates of Startup Chile have mostly, as far as I have heard, left Chile and moved back to their home countries, though it must be noted that the majority of them maintain some business connection with Chile. But in general, Chilean taxpayers haven’t gotten much in the way of entrepreneurial zing for their pesos.


It may be too early to judge Startup Chile. After all, it was only started in 2010, and the program is only on its sixth class. Ironically, the program might actually improve if it started asking for equity in exchange for investment. That equity could help stimulate the embryonic venture capital industry in Chile. It would place greater value on the good work being done by the entrepreneurs that build the businesses, and it would ensure that participants have skin in the game. It might even result in a positive financial outcome for the program.


Fundamentally, anything that encourages entrepreneurship can’t be bad. For that I applaud the founders of Startup Chile. Their country (indeed, the entire region) needs them. But there is a better way. Startup Chile needs to find it.



M. Christopher Johnson is co-founder of, which is focused on tech entrepreneurship in Latin America. He has also written for the Wall Street Journal’s All Things D, Venture Beat, and Thomson Reuters’ PE Hub. He is based in Mexico City.

Indian Angel Network explains E-Commerce in India

From buying shoes to booking travel tickets to buying properties, online shopping has become an integral part of the lives of many today. Indian companies have overcome the biggest challenge in the Indian market, consumers’ need for a touch and feel experience, and have created a market for themselves. Options like ‘cash on delivery’ and ‘try before you pay’ have helped Indian consumers make a shift to the virtual marketplace. Companies have molded their business models to function according to the Indian mentality based on the ‘trust factor.’


An online platform fits well when you search for needles in a haystack, since tapping them through physical stores alone is next to impossible. By funding these game-changing ventures, angel investors in India played an important role in increasing the entrepreneurial activity in the sector. Indian Angel Network (IAN), India’s only national, nimble and Asia’s largest business angel investor network, also invested in a few innovative and creative startups. Considering the uniqueness and the potential of these startups of making it big, IAN invested in Alma Mater, PrettySecrets, Myshaadi and Hungryzone (now increasing the investment activity in the space. An IAN incubatee company, The Shoe Men, an online shoe laundry, is another interesting venture.


 “With this potential, what is imperative for a young company to grow, or even survive, is to have a robust offline delivery model with high service levels from the logistics teams. And for a venture with detailed operational plan and a high execution team, India provides the ideal growth market. And such a venture is a boon for investors,” said Mr. Ajai Chowdhry, an investor member, Indian Angel Network.


India’s e-commerce industry, although growing at a fast pace, is still at a nascent stage when compared to the global markets. The evolution of consumers from just surfing the net to being aggressive online consumers carrying out regular transactions online is quite evident. This swift shift has brought the country into the spotlight as one of the most important markets, giving new ventures an opportunity to garner business in the country. According to recent research done by eBay, with a size of $800 million, the Indian e-commerce market is expected to grow rapidly to $5 billion in 2015. By making a huge investment recently in the Indian market, eBay has only reinforced its research on the growing space, which has brought freshness to the Indian investment market.


Mr. Manav Garg, an IAN investor member said, “Indian e-commerce is a long term play. It requires a lot of cash to build the business. Investors need a heart of steel. Investors with deep pockets who understand that the play is in solving the inefficient supply chain/logistics/ early customer adoption risk will benefit. Picking up the right team that can address the operational and marketing challenges is the key to successful e-commerce ventures.  Indian e-commerce is coming out of infancy. Going forward we will see newer models like subscription based selling will emerge. There will also be room for companies that provide product/ services to the e-commerce ecosystem and logistics / platform for delivery companies.”


For instance, travel and retail form the major piece of the Indian e-commerce-pie. Offering options to the consumers in terms of brand, product range and pricing has worked in favor of these retailers in growing their business online. Although, travel has always been ahead of the curve in terms of visitation and transactions, the growth in retail shows the immense potential that the category holds in India with online retail filling the distribution and convenience gap. The ecosystem to support growth in online retail has also evolved including improvement in logistics and awareness among brands in making the products available online.

This trend led to the mushrooming of a number of innovative startups in the country, catering to the needs of the consumers while providing them with enough preferences to grab the opportunity to increase their customer base. Startups like Flipkart, Myntra and Jabong brought the rage in the Indian online market. It has successfully encouraged and made way for several other innovative startups in diverse verticals like F&B, matrimonial and apparels creating a buzz in the Indian entrepreneurial landscape. E-commerce became the hot favorite amongst the investors as in the past three years, 52 ecommerce start-ups raised $700 million in funding. (Source: Allegro Capital Advisor) Making their way to the Indian market is another breed of companies like Quikr with a C2C model creating a marketplace for sellers and buyers to engage virtually. For the e-commerce space, it can be rightly said, innovation is the key to success.

Although 2012 ended on a good note for the e-commerce startups, in the coming years, companies would need to be more innovative and original to gauge the attention of the investors for funding. Due to the surge in the momentum of the sector, duplication of ideas has been witnessed which has led to the slowdown in the investment activities. Looking at the trends in 2012, the next few years are expected to have a strong growth for players who’re focused on growing categories like apparels and accessories, and niche product categories like baby products, home furnishings, and health nutrition.






Low-Hanging Fruit Ninjas - Viral Gaming

There are 135,000 games in the iOS store today and for every game developer, discovery is more difficult than ever. While there are some new platforms on the horizon, most developers feel stuck as none is well placed enough to really become the next platform story. Worse, the “fast follow” mentality of some of the more predatory publishers has made developing games perilous for indie game makers. How long will it be before they all take a look at the startling success of Ridiculous Fishing, and inundate us with fishing games?


The current issue for developers is not one of innovation. There is always the possibility to create new game mechanics, but when everyone is doing the same thing, that advantage drops quickly. Fruit Ninja, Angry Birds, Doodle Jump, Flight Control, Zynga Poker, FarmVille and many other now-famous games are examples of low-hanging-fruit (as viral gaming). Unfortunately, their dramatic success inspires other developers to get involved. 400 games about cutting fruit or other objects, piloting planes or boats into dock, and so on, all start to look identical after a while. Developers either need a new platform or an innovation so strong that they rise above the crowd.


If most of the low-hanging-fruit has been picked, the power belongs to the gatekeepers. The only recourse left to developers is to find an edge. In our case, we believe that real-time multiplayer is the edge the industry is looking for.


It may sound simple, but making real-time multiplayer gaming work on mobile devices is an incredibly tough technical challenge. It’s not as simple as saying “just add multiplayer,” which a few projects are trying to do. Game developers must also maintain the game states and progress of thousands of players, manage latency issues, and design games that work best within a mobile format. Latency issues can crop up when there is too much stress on the server, due to a combination of several factors. Managing latency means making sure everything is running smoothly to provide users an even playing field. For a real-time multiplayer game to really sing, it has to be built to do so from the ground up, especially if you want to be able to run 1000-player tournaments.


That is the future: millions of players online, in real-time, playing together.


Most other game companies (particularly in smart device platforms like iOS) are not geared toward solving this kind of problem. For years they have been trying to solve a different problem - asynchronous play - and they’ve done a great job. They simply don’t employ the kind of engineer who is able to do multiplayer at scale.  However, asynchronous gaming is now at capacity with titles ranging from Zynga’s -Ville games to Supercell’s Clash of Clans.


In our estimation, there is tremendous pent up demand for real-time multiplayer games. Games that are run on our platform such as Word Rack on Facebook or Match-Up! on iOS, regularly see engagement rates that are twice or three times industry standard. We have games that are played for over an hour every single day, and in some cases played obsessively. In a little over a week, some Match-Up! players have already played their way to 750,000 chips and given very positive, 5-star reviews.


A tectonic shift is about to occur from asynchronous, single player to real-time multi-player. The shift is driven by the following:


  • Widespread 4G and ubiquitous WiFi facilitate real-time in a way that was impossible just a few years ago. A player can play a game in Atlanta against another in Seattle and only experience lag at one-tenth of a second; short enough to never notice.
  • The critical-mass issue has been solved. With a million iOS and Android devices activated around the world every single day, and a device population that stretches into the billions, you can always find someone to play against with no wait times.
  • Turn-based games have largely tapped out. Waiting for your Words With Friends, Draw Something or Letterpress buddy to take his turn can be a very disappointing experience. With real-time multiplayer gaming, there is always someone new. Launch the game and you’re immediately into the action.
  • Lower threat of saturation: If developers can’t duplicate the underlying technology, they can’t duplicate the game.
  • Cloud services like AWS (Amazon Web Services) make server scaling and bandwidth incredibly affordable.  For our first one million tournament entries our bandwidth costs were a measly $9.42. That’s right. Nine dollars and forty-two cents. In total.
  • Real-time multiplayer is incredibly social. I don’t mean your friends bugging you on Facebook to send them FarmBucks, I mean actively social. Real-time games form tribes of committed players who want to befriend each other, compete against one another and find a community in which to participate. I know when I’m competing in a tournament against players around the world, I’m closer to people than I was when playing alone.


My team and I have made a very big bet building a team and technology to do what no other company has been able to do. It’s our edge, and one that we think will revolutionize the industry. Match-Up! went live on March 14 and our next real-time multiplayer tournament games will go live in April. We are working on many other projects to launch over the course of this year, and looking to work with great people who believe that some day soon, games will be real time all the time.


Cyber Threat Amnesia: Historical Timeline

There are several certainties in computer security. One is that when adversaries have intent they will always find a way to get what they want. Another certainty is that leadership in government and industry is quick to forget the lessons learned in cyber security, especially those dealing with adversary action.

This situation is known as Cyber Threat Amnesia.


Our history indicates cyber security events frequently cause action and remediation and those can get widespread attention. But soon after the attempt to remediate, organizations collectively forget about the threat.


Here is an updated list of major events. This list does not cover all major events, just those widely reported to be “wake up calls” for the nation.


1970 and 1971

  • The Defense Science Board publishes what will be known as the “Ware Report” highlighting the potential dangers to department information in the coming age of connected computing. This report was widely seen as a “wake up call” for computer security and caused changes at institutions like the National Security Agency to enhance the department’s security posture.



  • NOV - The Morris Worm was released and propagated throughout internetworked systems including those of the federal government. This “wake up call” resulted in establishment of computer response organizations throughout DoD and also resulted in increased funding for computer security research being provided to academic organizations and institutions.
    The CERT/CC at Carnegie Mellon University was funded.



  • The President’s Commission on Critical Infrastructure Protection (PCCIP) was widely regarded as a “wake up call” for the entire federal government and since it was extensively coordinated with industry and academia it was also seen as a way forward in cybersecurity for the entire nation.



  • Deputy Secretary of Defense John Hamre was quoted as saying “Solar Sunrise was a wake up call for DoD.” This activity resulted in increased funding to cyber defense organizations and the creation of a new joint activity called DoD’s “Joint Task Force Computer Network Defense” or JTF-CND (Gourley was first Director of Intelligence (J2) there).



  • Assistant Secretary of Defense Art Money was quoted as saying “Moonlight Maze was a wake up call for DoD.” This activity resulted in enhanced counterintelligence resources and more information sharing across DoD law enforcement and counterintelligence.



  • Director of National Intelligence Admiral Blair testified that “Buckshot Yankee was a wake up call” for the government. This activity resulted in more awareness and more funding for cyber security throughout the federal government.



  • Deputy Secretary of Defense Lynn writes that “Google’s Aurora attacks were a wake up call for us all.” This wake up call resulted in stronger, deeper coordination across the federal space and underscored the need for a DoD strategy.



  • Deputy Assistant Secretary of Defense Bob Butler says “Wikileaks was a wake up call for DoD.” This wake up call resulted in significant activities and planning across the federal space aimed at enhancing security of information from disclosure.



  • SEP - In one of the most destructive attacks against computers noted against any company to date, Saudi state-owned oil company ARAMCO had data destroyed on over 3/4 of the company’s computers. The NY Times reports this as a “wake up call” and attributes that assessment to intelligence officials.


  • OCT -  South Carolina Gov Nikki Haley announced a massive hack into state websites.
    The Gov offered the excuse that these attacks are increasingly common. Reporters suggested this be her “wake up call”.


  • OCT - Secretary of Defense Panetta issues what he said is a “clarion call” for Americans to “wake up” to the growing cyber threat.


  • NOV - Former Director of National Intelligence provides “wake up call” warning of a potential 9/11 type attack via cyber.


  • SEP - Department of Energy issues a report on internal cybersecurity practices. This report by their internal inspector general was reportedly seen as a “wake up call” for the agency’s cyber security group.



  • JAN - New York Times acknowledges hacks into its papers by Chinese sources. This was widely reported as a “wake up call” for security experts in media.


  • JAN - Twitter was hit by a major hack in what security experts called a “wake up call” for the ecommerce and social media community.


  • JAN -  Attacks on US banks called a “wake up call” for the industry by cyber security professionals.


  • FEB - Anonymous attacks against Federal Reserve investigated by FBI. The intrusion, called a “wake up call,” compromised data from the Fed’s Emergency Communications System.


  • FEB - Chairman of the House Intelligence Committee expressed confidence that the hackers recently targeting newspapers and other companies would soon “wake up” Washington on cybersecurity.


  • FEB - Mandiant releases a report exposing one of China’s Cyber Espionage Groups. This report, widely considered one of the best articulations of the threat, resulted in significant positive awareness on the seriousness of the threat and was widely called a wake up call. We believe this is one of the best pieces of cybersecurity research ever produced by an independent company, and we know it is making positive, virtuous change. We hope this goes a long way to really being the wake up call we all need.


The reason to publish the list is to get your brain deeper into the game. Maybe there is something you can do to prevent Cyber Threat Amnesia.  Maybe you can suggest action to current community or government or business leaders? Or maybe you can find ways to educate policy makers or Congress or the American public? Or maybe you have other ideas for stopping this madness of forgetting about the threat.




3 Reasons Hardware Startups Fail by BOLT Labs

All startups face a mountain of challenges. When you throw a hardware product into the mix, that mountain inherits sub-zero temperatures and a record-setting blizzard. The path is not insurmountable, but hardware startup founders should carefully plot their course on their way to paying customers.


Founders of early-stage companies typically have two foci: cash and product development. Once founders nail the cash problem (whether through private investors, venture capital, Kickstarter or couch change) companies shift into high gear to make as many copies of their product as fast as possible. Despite their best efforts, first-time hardware developers often wind up with over-priced products of lower-than-expected quality delivered behind schedule. This trifecta of failure is driven by the same three things….


Manufacturing is harder than distributing software, but it’s not impossible. If you were to ask Apple or Dell what the biggest problem they face with new products is, I guarantee you it won’t be manufacturing. Manufacturing won’t even make the top 5. But if you were to ask startups the same question, it almost always is. Think about why that is. They hire people that have done it before. It’s worth every penny.


Timing is everything. Understanding a few basic facts about how products move through the manufacturing and distribution systems can make the difference between a blockbuster success and dismal failure. Avoid development feature creep like the plague. Anticipate that at least one component in your product will go missing, get lost, become too expensive or have a long lead time, and plan for replacements. Always factor in shipping and customs time + 50%. Know that most retailers lose money every month except December. Test everything.


There are really two factors at play here: what I call “microeconomics” and “macroeconomics”. Microeconomics are things like your Bill of Materials (BOM) and Cost of Goods Sold (COGS). Own these numbers. Know that every penny counts. Consumer products typically see a 3-4x increase to the shelf cost (i.e., a microprocessor that costs you $1 more means the end price of the product needs to be raised by $3 - $4).


Macroeconomics relate to the product/market fit and how many products you need to build/sell to get to your next stage of development. Every single time you approve a product run, you should have very specific metrics of what you want to learn. The oft-used “make as many as possible and sell them all” doesn’t cut it unless you want boxes and boxes of costly leftovers.


These are a subset of some of the pitfalls and how they can be avoided. If you have specific questions regarding product development and/or manufacturing, feel free to contact us at [email protected].



Ben is the Managing Director of Bolt, a Boston-based program that helps promising early-stage hardware companies develop their products and get to market. Bolt provides companies with capital, staff, shop equipment, and extensive expertise with manufacturing and commercialization.



So, You’ve Built a Prototype

So, You’ve Built a Prototype? Awesome…Here’s 10 Ways Shit Will Hit the Fan


10. Your overseas supplier calls and says a critical component is out of stock. Move back 3 months.


9.  Your part is already in production and the UL testing shows you will have to redesign the part from scratch. Move back 6 months.


8. The crowdfunding site rejects your product without explanation. Move back 8 weeks.


7.  You just spent 12 hours designing a part…only to find out you were working on the wrong version.  Cry a little, move back 4 hours.


6. You sent drawings that were in millimeters and they built them in inches. Move back 1 week.


5.  You are told that all air freight is booked. Boat is the only option. Move back 3 weeks.


4. You find out the app that goes with your product is rejected from the app store. In limbo. Wait between 2 – 12 weeks.


3.  You find out there is a major company with a patent on the exact thing you built.  Move back to the initial design phase.


2.  Your stealth competitor launches their product before you. Figure out how to pitch your product as better. Stop sleeping and move ahead 2 weeks.


1.  You get the first versions and realize they spelled your company name wrong. Get on a plane to oversee the next build. Take the chute to China.




Google Search for Hackers by InfoSec Expert Dan Tentler

So, what can I tell you about Shodan? It’s a search engine like Google, except it doesn’t spider websites - it spiders open ports of devices connected to the internet. It’s basically a gigantic port scanner, but only on a small number of ports - the popular ones.


The first thing everyone wants to do when they find Shodan is to search for computers, networking equipment and other mainstream things people assume are online. While there are certainly eyebrow-raising numbers of IIS 5 installations and swarms of vulnerable Tomcat and JBoss installs connected to the internet, there are also devices that nobody would outwardly consider to be online or even that they had the capacity to be online. Who builds a webserver into a carwash? They’re online. So are license plate cameras, webcams, giant hotel-based wine coolers, 911 first-responder VOIP systems - the list goes on, and the list is quite long.


There has been a prevailing wind since the dawn of connectivity that, for some reason, businesses and internet patrons at large simply cannot shake: the concept of “security through obscurity”. Security through obscurity dictates thought processes like “If I put this online and I just don’t tell anybody about it, there’s no way I can get hacked because who could possibly know about it?”. The answer to that is “anybody who looks”, and the bad guys have been “looking” for the better part of 15 years - actively scanning the internet 24 hours a day to find known vulnerabilities. Shodan seems like our best hope of finally gaining some ground in favor of smiting that particularly nasty demon since it gives people a chance to look at what they have exposed without the need to hire a security firm or a contractor.


Anybody that has ever had to make business decisions about what goes online and what doesn’t has considered “Eh, just put it online. What could possibly go wrong?”. A good lot of those folks had to subsequently endure dealing with “Hey, um - we got hacked. What do we do?”. At that point the blame-game begins, then the fingerpointing - it’s not pretty. The 600 pound gorilla in the room named “Who decided it was okay to do this in the first place” is always conveniently avoided - as usually it is whoever is writing the checks to the employees in the first place - and somehow we’ve painted ourselves into the corner of “The guy who writes the checks made a really bad call, but we can’t say anything because we like our jobs/paychecks/etc”. If you get me started, I’ll go on a rant about how businesses now are putting their ENTIRE infrastructure on the internet - whole businesses with all their servers exposed because someone told them ‘going to the cloud’ would help their pocketbook - but in reality it’s exposed all of their secret sauce directly to the internet because the operational security of their business endeavor was never taken into account.


This phenomenon is exacerbated by tools like Shodan, and while it is painful to deal with in the short term - at least for people who put things online that shouldn’t be online - the longer lasting effects will be that people will consider what they’re doing a little bit more carefully next time they make a decision.


Some would condemn Shodan for “exposing” things - those same people would condemn Google for the same thing. Those folks need to learn how to admit they made a mistake and move along smartly - not only would it be better in reducing their stress, the internet at large would become a safer place.


The takeaway here is that Shodan is a tool, like Google. It’s a tool that every business should be using to examine themselves before going live. Other businesses do it frequently - banks have architects and foremen come in while the bank is being built to say things like “You need a vault” and “There should probably be security cameras here” or “You may want to consider putting a lock on the front door so you can lock up at night”. Internet facing businesses should have the same security considerations - if you elect to not put a front door on your business, don’t be surprised to come in one day to find strangers roaming around.
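One way to do the "examine themselves before going live" check described above, as an added example that is not part of the original post: compare what an internet-wide index reports for your own address space against the services you meant to publish. The records are constructed samples using the `ip_str`, `port`, `transport` and `product` fields of Shodan's banner format; the netblock, the approved list and the function name are assumptions made for the example.

```python
import ipaddress

# Constructed sample records shaped like Shodan banner JSON.
# Addresses come from the RFC 5737 documentation ranges.
SAMPLE_BANNERS = [
    {"ip_str": "203.0.113.10", "port": 443, "transport": "tcp", "product": "nginx"},
    {"ip_str": "203.0.113.10", "port": 8080, "transport": "tcp", "product": "Apache Tomcat"},
    {"ip_str": "203.0.113.77", "port": 80, "transport": "tcp", "product": "Microsoft IIS httpd"},
    {"ip_str": "198.51.100.5", "port": 22, "transport": "tcp", "product": "OpenSSH"},
    {"ip_str": "not-an-ip", "port": 23, "transport": "tcp"},
]

# Hypothetical inventory: netblocks we own and services we intended to expose.
OWNED_NETS = ["203.0.113.0/24"]
APPROVED = {("203.0.113.10", 443, "tcp")}


def audit_exposure(banners, owned_nets, approved):
    """Return (unexpected, missing, skipped) for our own address space.

    unexpected: indexed services on our netblocks that nobody approved
    missing:    approved services the index did not report
    skipped:    records that could not be parsed
    """
    nets = [ipaddress.ip_network(n) for n in owned_nets]
    seen, unexpected, skipped = set(), [], []
    for rec in banners:
        try:
            ip = ipaddress.ip_address(rec["ip_str"])
            key = (str(ip), int(rec["port"]), rec.get("transport", "tcp"))
        except (KeyError, ValueError, TypeError):
            skipped.append(rec)
            continue
        if not any(ip in net for net in nets):
            continue  # someone else's address space: out of scope
        if key in seen:
            continue  # the same service can be indexed more than once
        seen.add(key)
        if key not in approved:
            unexpected.append({"service": key,
                               "product": rec.get("product", "unknown")})
    unexpected.sort(key=lambda item: item["service"])
    missing = sorted(set(approved) - seen)
    return unexpected, missing, skipped


if __name__ == "__main__":
    unexpected, missing, skipped = audit_exposure(SAMPLE_BANNERS, OWNED_NETS, APPROVED)
    for item in unexpected:
        print("UNAPPROVED", item["service"], item["product"])
    for service in missing:
        print("NOT INDEXED", service)
    print("unparseable records:", len(skipped))
```

Anything reported as unapproved is a decision nobody made on purpose, which is the "who decided it was okay" question asked before go-live instead of after an incident.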